AI-Driven Web Attacks Surge 73% in APJ, Akamai Report Reveals

Akamai Technologies, the cybersecurity and cloud computing company that powers and protects businesses online, has released a new State of the Internet (SOTI) report titled State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. The report revealed that the Asia Pacific and Japan (APJ) region experienced a 73% year-over-year increase in web application attacks—the highest percentage increase globally—highlighting the urgent need to secure web applications and APIs amid the rapid adoption of artificial intelligence (AI).

While AI is transforming both web application and API security by enhancing threat detection and response capabilities, it is also introducing new challenges. In 2024, the APJ region recorded a total of 51 billion web application attacks, up from 29 billion in 2023. This surge is closely tied to the rapid growth of AI-powered applications, which are expanding the attack surface and increasing the complexity of cyber threats.

The countries most targeted by web and API attacks in APJ were Australia (20.3 billion), India (17.3 billion), and Singapore (15.9 billion); followed by Japan (6.3 billion), China (6.2 billion), South Korea (4.9 billion), New Zealand (2.9 billion), and Hong Kong SAR (2.2 billion). The most attacked industries across APJ were financial services—with over 27 billion web attacks—followed by commerce, with more than 18 billion attacks. These trends correlate with the accelerated adoption of emerging technologies like AI in these sectors.

Web and API attacks in APJ contributed to a global total of 311 billion web application attacks in 2024, representing a 33% year-over-year increase. Central to this year’s findings is the rising threat to APIs, which are increasingly used to integrate AI-driven tools with core platforms. Akamai documented 150 billion API attacks globally between January 2023 and December 2024, as attackers exploited authentication gaps and automation-friendly vectors. AI-powered APIs are especially vulnerable due to their external accessibility and often inadequate authentication protocols.

APJ Becomes Second Most Targeted Region for Layer 7 DDoS Attacks

The report also revealed a 94% global increase in Layer 7 (application layer) DDoS attacks over the same period, reaching 7 trillion attacks, with the high-technology sector being the most impacted. Monthly attack volumes rose from just over 500 billion in early 2023 to more than 1.1 trillion by the end of 2024. HTTP floods remained the most prevalent Layer 7 DDoS threat, targeting web applications and APIs with persistent severity.

APJ followed the global trend, recording a 66% year-over-year growth in Layer 7 DDoS attacks—the second most targeted region globally—peaking at 504 billion in December 2024. Over the two-year period, the region saw 7.4 trillion attacks, with Singapore (4.7 trillion), India (1.1 trillion), and South Korea (607 billion) being the most affected. The report also noted that digital media platforms, including social media and commerce, were among the most impacted sectors in APJ.

Other Key Global Findings:

• Over 230 billion web attacks targeted commerce organizations, making it the most impacted industry globally—nearly triple the attacks on the high-tech sector.

• OWASP API Top 10-related incidents rose by 32%, exposing vulnerabilities in authentication and authorization that compromise sensitive data and functionality.

• Security alerts tied to the MITRE framework increased by 30%, as attackers leverage automation and AI to exploit APIs.

• Shadow and zombie APIs emerged as particularly vulnerable entry points within increasingly complex API ecosystems

The surge in web and API attacks across APJ reflects more than just the region’s rapid digital adoption—it underscores the urgent need for cybersecurity to evolve alongside AI integration in enterprise ecosystems. As threat actors escalate attacks in both scale and sophistication, security strategies must adapt accordingly,” said Reuben Koh, Director of Security Technology and Strategy, Akamai Technologies APJ. “This SOTI report also provides practical mitigation strategies to help organizations protect themselves against evolving threats.”

Heightened Compliance Requirements to Counter Emerging Threats

In response to the exponential growth in web and API attacks, regulatory bodies across the globe are enforcing stricter cybersecurity compliance mandates—including governments in the APJ region. Singapore has expanded its cybersecurity bill for broader regulatory oversight; Japan has strengthened its national cybersecurity laws and strategy; India passed the Digital Personal Data Protection Bill; and Australia enacted the Cybersecurity Act 2024, which places stricter controls on APIs and applications processing sensitive data.

With compliance deadlines approaching and enforcement tightening, organizations that delay security upgrades risk not only regulatory penalties but also reputational damage, data breaches, and service disruptions. Akamai advises enterprises to adopt a shift-left security approach, enhance API governance, and deploy AI-powered defenses to detect and mitigate evolving cyber threats.

Now in its 11th year, Akamai’s State of the Internet (SOTI) report series delivers expert insights on cybersecurity and web performance, drawn from data gathered via its network infrastructure, which processes over one-third of global web traffic.

#Cyberattacks